package io.netty.handler.ssl;

import io.netty.handler.ssl.ApplicationProtocolConfig;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.KeyException;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.List;
import javax.crypto.Cipher;
import javax.crypto.EncryptedPrivateKeyInfo;
import javax.crypto.NoSuchPaddingException;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSessionContext;
import javax.net.ssl.TrustManagerFactory;

/* compiled from: SslContext.java */
/* loaded from: classes.dex */
public abstract class az {
    static final CertificateFactory i;
    private final boolean a;

    static {
        try {
            i = CertificateFactory.getInstance("X.509");
        } catch (CertificateException e) {
            throw new IllegalStateException("unable to instance X.509 CertificateFactory", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public az() {
        this(false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public az(boolean z) {
        this.a = z;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static ApplicationProtocolConfig a(Iterable<String> iterable) {
        return iterable == null ? ApplicationProtocolConfig.a : new ApplicationProtocolConfig(ApplicationProtocolConfig.Protocol.NPN_AND_ALPN, ApplicationProtocolConfig.SelectorFailureBehavior.CHOOSE_MY_LAST_PROTOCOL, ApplicationProtocolConfig.SelectedListenerFailureBehavior.ACCEPT, iterable);
    }

    @Deprecated
    public static az a(SslProvider sslProvider) throws SSLException {
        return a(sslProvider, (File) null, (TrustManagerFactory) null);
    }

    @Deprecated
    public static az a(SslProvider sslProvider, File file) throws SSLException {
        return a(sslProvider, file, (TrustManagerFactory) null);
    }

    @Deprecated
    public static az a(SslProvider sslProvider, File file, File file2) throws SSLException {
        return a(sslProvider, file, file2, (String) null);
    }

    @Deprecated
    public static az a(SslProvider sslProvider, File file, File file2, String str) throws SSLException {
        return a(sslProvider, file, file2, str, (Iterable<String>) null, k.a, (ApplicationProtocolConfig) null, 0L, 0L);
    }

    @Deprecated
    public static az a(SslProvider sslProvider, File file, File file2, String str, Iterable<String> iterable, h hVar, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        return a(sslProvider, null, null, file, file2, str, null, iterable, hVar, applicationProtocolConfig, j, j2);
    }

    @Deprecated
    public static az a(SslProvider sslProvider, File file, File file2, String str, Iterable<String> iterable, Iterable<String> iterable2, long j, long j2) throws SSLException {
        return a(sslProvider, file, file2, str, iterable, k.a, a(iterable2), j, j2);
    }

    @Deprecated
    public static az a(SslProvider sslProvider, File file, File file2, String str, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, Iterable<String> iterable2, long j, long j2) throws SSLException {
        return a(sslProvider, null, trustManagerFactory, file, file2, str, null, iterable, k.a, a(iterable2), j, j2);
    }

    @Deprecated
    public static az a(SslProvider sslProvider, File file, TrustManagerFactory trustManagerFactory) throws SSLException {
        return a(sslProvider, file, trustManagerFactory, (Iterable<String>) null, k.a, (ApplicationProtocolConfig) null, 0L, 0L);
    }

    @Deprecated
    public static az a(SslProvider sslProvider, File file, TrustManagerFactory trustManagerFactory, File file2, File file3, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, h hVar, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        try {
            return a(sslProvider, null, b(file), trustManagerFactory, b(file2), a(file3, str), str, keyManagerFactory, iterable, hVar, applicationProtocolConfig, j, j2, ClientAuth.NONE, null, false, false);
        } catch (Exception e) {
            if (e instanceof SSLException) {
                throw ((SSLException) e);
            }
            throw new SSLException("failed to initialize the server-side SSL context", e);
        }
    }

    @Deprecated
    public static az a(SslProvider sslProvider, File file, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, h hVar, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        return b(sslProvider, file, trustManagerFactory, null, null, null, null, iterable, hVar, applicationProtocolConfig, j, j2);
    }

    @Deprecated
    public static az a(SslProvider sslProvider, File file, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, Iterable<String> iterable2, long j, long j2) throws SSLException {
        return b(sslProvider, file, trustManagerFactory, null, null, null, null, iterable, k.a, a(iterable2), j, j2);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static az a(SslProvider sslProvider, Provider provider, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, h hVar, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2, ClientAuth clientAuth, String[] strArr, boolean z, boolean z2) throws SSLException {
        if (sslProvider == null) {
            sslProvider = r();
        }
        switch (sslProvider) {
            case JDK:
                if (z2) {
                    throw new IllegalArgumentException("OCSP is not supported with this SslProvider: " + sslProvider);
                }
                return new v(provider, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, hVar, applicationProtocolConfig, j, j2, clientAuth, strArr, z);
            case OPENSSL:
                a(sslProvider, provider);
                return new ak(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, hVar, applicationProtocolConfig, j, j2, clientAuth, strArr, z, z2);
            case OPENSSL_REFCNT:
                a(sslProvider, provider);
                return new av(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, hVar, applicationProtocolConfig, j, j2, clientAuth, strArr, z, z2);
            default:
                throw new Error(sslProvider.toString());
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static az a(SslProvider sslProvider, Provider provider, X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory, X509Certificate[] x509CertificateArr2, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, h hVar, ApplicationProtocolConfig applicationProtocolConfig, String[] strArr, long j, long j2, boolean z) throws SSLException {
        if (sslProvider == null) {
            sslProvider = s();
        }
        switch (sslProvider) {
            case JDK:
                if (z) {
                    throw new IllegalArgumentException("OCSP is not supported with this SslProvider: " + sslProvider);
                }
                return new s(provider, x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, hVar, applicationProtocolConfig, strArr, j, j2);
            case OPENSSL:
                a(sslProvider, provider);
                return new ab(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, hVar, applicationProtocolConfig, strArr, j, j2, z);
            case OPENSSL_REFCNT:
                a(sslProvider, provider);
                return new at(x509CertificateArr, trustManagerFactory, x509CertificateArr2, privateKey, str, keyManagerFactory, iterable, hVar, applicationProtocolConfig, strArr, j, j2, z);
            default:
                throw new Error(sslProvider.toString());
        }
    }

    @Deprecated
    public static az a(SslProvider sslProvider, TrustManagerFactory trustManagerFactory) throws SSLException {
        return a(sslProvider, (File) null, trustManagerFactory);
    }

    @Deprecated
    public static az a(File file) throws SSLException {
        return a((SslProvider) null, file);
    }

    @Deprecated
    public static az a(File file, File file2) throws SSLException {
        return a(file, file2, (String) null);
    }

    @Deprecated
    public static az a(File file, File file2, String str) throws SSLException {
        return a((SslProvider) null, file, file2, str);
    }

    @Deprecated
    public static az a(File file, File file2, String str, Iterable<String> iterable, h hVar, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        return a((SslProvider) null, file, file2, str, iterable, hVar, applicationProtocolConfig, j, j2);
    }

    @Deprecated
    public static az a(File file, File file2, String str, Iterable<String> iterable, Iterable<String> iterable2, long j, long j2) throws SSLException {
        return a((SslProvider) null, file, file2, str, iterable, iterable2, j, j2);
    }

    @Deprecated
    public static az a(File file, TrustManagerFactory trustManagerFactory) throws SSLException {
        return a((SslProvider) null, file, trustManagerFactory);
    }

    @Deprecated
    public static az a(File file, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, h hVar, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        return a((SslProvider) null, file, trustManagerFactory, iterable, hVar, applicationProtocolConfig, j, j2);
    }

    @Deprecated
    public static az a(File file, TrustManagerFactory trustManagerFactory, Iterable<String> iterable, Iterable<String> iterable2, long j, long j2) throws SSLException {
        return a((SslProvider) null, file, trustManagerFactory, iterable, iterable2, j, j2);
    }

    @Deprecated
    public static az a(TrustManagerFactory trustManagerFactory) throws SSLException {
        return a((SslProvider) null, (File) null, trustManagerFactory);
    }

    static KeyStore a(X509Certificate[] x509CertificateArr, PrivateKey privateKey, char[] cArr) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        keyStore.setKeyEntry("key", privateKey, cArr, x509CertificateArr);
        return keyStore;
    }

    private static PrivateKey a(io.netty.buffer.j jVar, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, KeyException, IOException {
        byte[] bArr = new byte[jVar.i()];
        jVar.a(bArr).release();
        PKCS8EncodedKeySpec a = a(str == null ? null : str.toCharArray(), bArr);
        try {
            return KeyFactory.getInstance("RSA").generatePrivate(a);
        } catch (InvalidKeySpecException e) {
            try {
                return KeyFactory.getInstance("DSA").generatePrivate(a);
            } catch (InvalidKeySpecException e2) {
                try {
                    return KeyFactory.getInstance("EC").generatePrivate(a);
                } catch (InvalidKeySpecException e3) {
                    throw new InvalidKeySpecException("Neither RSA, DSA nor EC worked", e3);
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey a(File file, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, KeyException, IOException {
        if (file == null) {
            return null;
        }
        return a(ar.b(file), str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey a(InputStream inputStream, String str) throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidAlgorithmParameterException, KeyException, IOException {
        if (inputStream == null) {
            return null;
        }
        return a(ar.b(inputStream), str);
    }

    protected static PKCS8EncodedKeySpec a(char[] cArr, byte[] bArr) throws IOException, NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeySpecException, InvalidKeyException, InvalidAlgorithmParameterException {
        if (cArr == null) {
            return new PKCS8EncodedKeySpec(bArr);
        }
        EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(bArr);
        SecretKey generateSecret = SecretKeyFactory.getInstance(encryptedPrivateKeyInfo.getAlgName()).generateSecret(new PBEKeySpec(cArr));
        Cipher cipher = Cipher.getInstance(encryptedPrivateKeyInfo.getAlgName());
        cipher.init(2, generateSecret, encryptedPrivateKeyInfo.getAlgParameters());
        return encryptedPrivateKeyInfo.getKeySpec(cipher);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyManagerFactory a(X509Certificate[] x509CertificateArr, String str, PrivateKey privateKey, String str2, KeyManagerFactory keyManagerFactory) throws KeyStoreException, NoSuchAlgorithmException, IOException, CertificateException, UnrecoverableKeyException {
        char[] charArray = str2 == null ? io.netty.util.internal.g.c : str2.toCharArray();
        KeyStore a = a(x509CertificateArr, privateKey, charArray);
        if (keyManagerFactory == null) {
            keyManagerFactory = KeyManagerFactory.getInstance(str);
        }
        keyManagerFactory.init(a, charArray);
        return keyManagerFactory;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static KeyManagerFactory a(X509Certificate[] x509CertificateArr, PrivateKey privateKey, String str, KeyManagerFactory keyManagerFactory) throws UnrecoverableKeyException, KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
        String property = Security.getProperty("ssl.KeyManagerFactory.algorithm");
        if (property == null) {
            property = "SunX509";
        }
        return a(x509CertificateArr, property, privateKey, str, keyManagerFactory);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static TrustManagerFactory a(X509Certificate[] x509CertificateArr, TrustManagerFactory trustManagerFactory) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(null, null);
        int i2 = 1;
        for (X509Certificate x509Certificate : x509CertificateArr) {
            keyStore.setCertificateEntry(Integer.toString(i2), x509Certificate);
            i2++;
        }
        if (trustManagerFactory == null) {
            trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        }
        trustManagerFactory.init(keyStore);
        return trustManagerFactory;
    }

    private static void a(SslProvider sslProvider, Provider provider) {
        if (provider != null) {
            throw new IllegalArgumentException("Java Security Provider unsupported for SslProvider: " + sslProvider);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Certificate[] a(InputStream inputStream) throws CertificateException {
        if (inputStream == null) {
            return null;
        }
        return a(ar.a(inputStream));
    }

    private static X509Certificate[] a(io.netty.buffer.j[] jVarArr) throws CertificateException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        X509Certificate[] x509CertificateArr = new X509Certificate[jVarArr.length];
        int i2 = 0;
        while (i2 < jVarArr.length) {
            try {
                io.netty.buffer.o oVar = new io.netty.buffer.o(jVarArr[i2], true);
                try {
                    x509CertificateArr[i2] = (X509Certificate) certificateFactory.generateCertificate(oVar);
                    try {
                        oVar.close();
                        i2++;
                    } catch (IOException e) {
                        throw new RuntimeException(e);
                    }
                } catch (Throwable th) {
                    try {
                        oVar.close();
                        throw th;
                    } catch (IOException e2) {
                        throw new RuntimeException(e2);
                    }
                }
            } finally {
                while (i2 < jVarArr.length) {
                    jVarArr[i2].release();
                    i2++;
                }
            }
        }
        int i3 = i2;
        return x509CertificateArr;
    }

    @Deprecated
    public static az b(SslProvider sslProvider, File file, TrustManagerFactory trustManagerFactory, File file2, File file3, String str, KeyManagerFactory keyManagerFactory, Iterable<String> iterable, h hVar, ApplicationProtocolConfig applicationProtocolConfig, long j, long j2) throws SSLException {
        try {
            return a(sslProvider, null, b(file), trustManagerFactory, b(file2), a(file3, str), str, keyManagerFactory, iterable, hVar, applicationProtocolConfig, null, j, j2, false);
        } catch (Exception e) {
            if (e instanceof SSLException) {
                throw ((SSLException) e);
            }
            throw new SSLException("failed to initialize the client-side SSL context", e);
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static PrivateKey b(File file, String str) throws SSLException {
        try {
            return a(file, str);
        } catch (Exception e) {
            throw new SSLException(e);
        }
    }

    @Deprecated
    protected static TrustManagerFactory b(File file, TrustManagerFactory trustManagerFactory) throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
        return a(b(file), trustManagerFactory);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Certificate[] b(File file) throws CertificateException {
        if (file == null) {
            return null;
        }
        return a(ar.a(file));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static X509Certificate[] c(File file) throws SSLException {
        try {
            return b(file);
        } catch (CertificateException e) {
            throw new SSLException(e);
        }
    }

    private static SslProvider g() {
        return z.a() ? SslProvider.OPENSSL : SslProvider.JDK;
    }

    public static SslProvider r() {
        return g();
    }

    public static SslProvider s() {
        return g();
    }

    @Deprecated
    public static az t() throws SSLException {
        return a((SslProvider) null, (File) null, (TrustManagerFactory) null);
    }

    public abstract SSLEngine a(io.netty.buffer.k kVar);

    public abstract SSLEngine a(io.netty.buffer.k kVar, String str, int i2);

    public abstract boolean a();

    public final SslHandler b(io.netty.buffer.k kVar) {
        return new SslHandler(a(kVar), this.a);
    }

    public abstract List<String> b();

    public abstract long c();

    public final SslHandler c(io.netty.buffer.k kVar, String str, int i2) {
        return new SslHandler(a(kVar, str, i2), this.a);
    }

    public abstract long d();

    public abstract e e();

    public abstract SSLSessionContext f();

    public final boolean u() {
        return !a();
    }

    @Deprecated
    public final List<String> v() {
        return e().a();
    }
}
